
CVE-2010-2491: Roundup Cross-site Scripting (XSS) vulnerability

CVSS Score (v3.1)
6.1

Basic Information

EPSS Score
0.68801%
Published
5/17/2022
Updated
10/26/2024
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
roundup      | pip       | < 1.4.14            | 1.4.14

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from missing output encoding in an error-handling path:

  1. Before the fix, renderContext() in cgi/client.py returned the NoTemplate error to the browser as `return '<strong>%s</strong>' % message`, interpolating the exception text into HTML without any escaping.
  2. That message includes the requested template name, which comes straight from the HTTP request (the template argument, which Roundup reads from the @template form variable).
  3. The patch wraps the message in cgi.escape(), which confirms that the missing escaping, not the template lookup itself, was the root cause.
  4. An attacker therefore triggers XSS by requesting a template name that does not exist but contains HTML or script; the name is reflected verbatim inside the error page.
  5. Both the NoTemplate and the Unauthorised exception handlers were given escaping fixes, but only the NoTemplate path in renderContext() reflects attacker-supplied input directly into the HTML response.
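The following is an added example, not code from Roundup or from the Miggo page: it rebuilds the error path described above in miniature, the unescaped `'<strong>%s</strong>' % message` sink beside the escaped form, and checks both against a script payload supplied as the @template value. The template registry, the NoTemplate class, the render_context_* functions and the request dict are constructed stand-ins for renderContext() in cgi/client.py, not Roundup's real API. One caveat for anyone porting the fix: Roundup 1.4.x ran on Python 2 and the patch used cgi.escape(), which was removed in Python 3.8, so html.escape() is used here.

```python
"""Reflected XSS in a template-lookup error path, in the shape of
CVE-2010-2491, next to its hardened form. Added example; everything
below is a constructed stand-in for Roundup's renderContext()."""
import html
import re

# Constructed registry standing in for the TAL template files on disk.
KNOWN_TEMPLATES = {"issue.index", "issue.item", "issue.search"}


class NoTemplate(Exception):
    """Raised when the requested template file does not exist."""


def load_template(classname, name):
    """Assumed lookup: returns a template body or raises NoTemplate.
    The exception text carries the user-supplied template name."""
    key = "%s.%s" % (classname, name)
    if key not in KNOWN_TEMPLATES:
        raise NoTemplate('No template file exists for templating "%s" '
                         'with template "%s"' % (classname, name))
    return "<html><!-- rendered %s --></html>" % key


def render_context_vulnerable(classname, request):
    """Pre-1.4.14 shape: the exception text is interpolated into HTML
    unescaped, so a template name containing markup is reflected live."""
    template = request.get("@template", "index")
    try:
        return load_template(classname, template)
    except NoTemplate as message:
        return '<strong>%s</strong>' % message   # the XSS sink


def render_context_fixed(classname, request):
    """1.4.14 shape: escape the message before interpolating it.
    html.escape() encodes & < > and quotes; the original patch's
    cgi.escape(str(message)) encoded & < >, which is enough for this
    element-text context but would not be for an attribute value."""
    template = request.get("@template", "index")
    try:
        return load_template(classname, template)
    except NoTemplate as message:
        return '<strong>%s</strong>' % html.escape(str(message))


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def reflects_script(response):
    """Crude probe check: does the response body carry a live <script>
    start tag? Entity-encoded text such as &lt;script&gt; does not match."""
    return SCRIPT_TAG.search(response) is not None


if __name__ == "__main__":
    # Constructed request: the @template form variable carries the payload.
    probe = {"@template": "<script>alert(document.cookie)</script>"}
    for render in (render_context_vulnerable, render_context_fixed):
        body = render("issue", probe)
        print("%-26s reflects script: %s" % (render.__name__,
                                             reflects_script(body)))
        print("   ", body)
```

Run stand-alone, the script prints the two error bodies: the vulnerable one contains the payload as a working script tag, the fixed one shows it as entity-encoded text. The same probe, sent as `?@template=<script>...</script>` against a real /issue endpoint, is how a tester would distinguish a patched instance from an unpatched one.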

WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in `cgi/client.py` in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

T** vuln*r**ility st*ms *rom improp*r output *n*o*in* in *rror **n*lin*: *. T** *ommit *i** s*ows `r*n**r*ont*xt()` in *li*nt.py ori*in*lly us** `r*turn '<stron*>%s</stron*>'%m*ss***` wit*out *s**pin* *. T** `m*ss***` v*ri**l* *ont*in** us*r-*ontroll